Results 1 to 7 of 7

Thread: Security?

  1. #1
    Join Date
    Nov 2002
    Location
    Fairbanks, Alaska
    Posts
    708

    Security?

    Okay... In the past several weeks I've been reading these forums with every spare second I get. I've learned a lot from you guys and am almost ready to take my plunge in adding hosting to my business....


    Question is this - How do enforce secure servers?

    I see everyone talking about spammers, bad scripts that have loopholes, lots of stuff. How do you know when someone on your server is a spammer? My server said their currently scanning the servers for FormMail.pl - how are they doing that? Just manually in linux going into ALL of their customers folders and looking through it?

    How do you make the info on your servers secure? So people can't just walk in and start defacing websites on your server?

    How do you provide reliable security to YOUR customers?

  2. #2
    Join Date
    Aug 2001
    Posts
    4,028
    One of the things we do is DO NOT give out Telnet/SSH to any of our clients.

  3. #3
    Join Date
    Nov 2002
    Location
    Fairbanks, Alaska
    Posts
    708
    See, my hoster is the same way. No telnet, no ssh - FTP only
    www.neo-tech.us

    - Computer Sales/Repair/Networking
    - Web Design/Web Hosting

  4. #4
    Join Date
    Nov 2002
    Location
    Fairbanks, Alaska
    Posts
    708
    Anyone else have any tips on security for web hosting?

    What I should know and any other things?
    www.neo-tech.us

    - Computer Sales/Repair/Networking
    - Web Design/Web Hosting

  5. #5
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,480
    If a host gives out PHP/Perl to customers without restricting it then disabling SSH isn't going to do a lot as PHP/Perl can both create their own command line.
    Karl Austin :: KDA Web Services Ltd.
    UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
    Call us today and ask about our hosting solutions.

  6. #6
    Join Date
    Nov 2000
    Location
    Vancouver, BC
    Posts
    283
    i think you just really need to know your servers well. in a shared hosting environment, if you want anyone to actually pay for your services, you'll need to give them leeway.

    example, php is largely insecure in a shared hosting environment as an apache module, but chances are you're going to let that slide, because it's fairly restrictive without.

    basically, it's not what you can disable, but how you react to security issues as they happen. can you recognize the signs of "something going wrong"? can you debug the issue, and can you stop the damage before it happens or slow it down as much as possible?

  7. #7
    Join Date
    Sep 2002
    Posts
    900
    Putting each customer in a chroot jail is a good idea but remember there are ways to break out and there are fixes for these break outs.

    As far as finding formmail.pl, something as simple as

    find / -name FormMail.pl

    will search your ENTIRE system for FormMail.pl

    so you might want to hone your search done to wherever you host your sites such as /home

    find /home -name FormMail.pl

    This is not exactly a good way considering anyone can rename FormMail.pl to anything they please, but it's a start.

    You can do a LOT of cool stuff with find, many many pages can be written on it so read the man pages and search google

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •